Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted nginx 1.18.0-6.1+deb11u5 (source) into oldstable-security
Date: Tue, 24 Jun 2025 12:50:21 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jun 2025 11:46:08 +0200
Source: nginx
Architecture: source
Version: 1.18.0-6.1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Sylvain Beucler <beuc@debian.org>
Changes:
 nginx (1.18.0-6.1+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-36309: ngx_http_lua_module allows unsafe characters in an
     argument when using the API to mutate a URI, or a request or response
     header.
   * CVE-2024-33452: lua-nginx-module allows a remote attacker to conduct
     HTTP request smuggling via a crafted HEAD request.
Checksums-Sha1:
 8b6a5f43be2eb4f1578c7f98b10179a6b36d8621 4790 nginx_1.18.0-6.1+deb11u5.dsc
 739890ac20834e0a9e9cccfcd95ade8c2f36448e 1046132 nginx_1.18.0-6.1+deb11u5.debian.tar.xz
 9c080b634e9076e917ca33c4119aaef00de38612 26181 nginx_1.18.0-6.1+deb11u5_amd64.buildinfo
Checksums-Sha256:
 c2307f2cbbef9ce25412b602b65d05a146afaf16c57fc526d82978fc0407bd86 4790 nginx_1.18.0-6.1+deb11u5.dsc
 3f9c6a3161d81f65fe650d9be0522d901dfb6e99eabb3c386d27aa61abf2c579 1046132 nginx_1.18.0-6.1+deb11u5.debian.tar.xz
 bad9462ed24a6961f357c9fe3ce60fd70783085096bf3767029b3dfab817b450 26181 nginx_1.18.0-6.1+deb11u5_amd64.buildinfo
Files:
 ab1ed3d55442967d1dfba15fcf6bdf62 4790 httpd optional nginx_1.18.0-6.1+deb11u5.dsc
 d2342d0ff59bf20397f6f6d0002df77d 1046132 httpd optional nginx_1.18.0-6.1+deb11u5.debian.tar.xz
 44272e9e4c50dac7bf79172adcb84008 26181 httpd optional nginx_1.18.0-6.1+deb11u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmhanMsACgkQDTl9HeUl
XjAa2Q//Z0Cv/vD37KIKdpbVE3cJeW3x6JWs/cT4LcYVFH5UMxTMtinoCFL74US8
WPy8YIEIgfRm1pMiH6w8cDAswU8+qfE6v+r+WfCyoSXHyPBRMin4WlqxWs3IRvxT
wjblqX+4yUyVSz9b96UdmYfGLgKd+jIjd6XZlMSMw6C2lDV420vdB1FGDErkJ3mg
BhGFGq9ptUfi1tQK5JJp9YzkLdCg7n70o6zHfKslfYXoRp18QbNY0UhM5ZY4bxX1
9+Zziq73OJR4wX3515pydL01syMH4TagmE1e0Bv+tFTUoQNF60td6irTLaw9P/wW
lrtad+6yMw5EGQ8UXIcdujA0VcE0e0jQxePdRN7MDi+uc+09eGJs1j+CaNNQpsIs
cS34ioFxkuJifJUde2PTvOeiICyw0D/nqkfQ27emtpxGMfhd/4/ESVeIQtX+rwhJ
sze9Z7V8mfh6bWrYC9otvTYFY2EvkeaMJdKuND9kVjLKYrWkXAgbiOs9Nbi+i0J2
wZrO6K2fxDLWDDOm0q21+xI2Ec1BujzOlVN+ROrCVN+P3DJXAp+6Y6toJlL3R3da
ZnJR5GVcRbQRRSRuJRhqX2vnFm7/ar9ytE67UJDM11smbsPgcY2Xj/XloemSol+U
Zu6A3iB0M8Atru+YCdC0Ob01zeAf3OESe8UlrvKvzgkdyXWwk+8=
=tD+6
-----END PGP SIGNATURE-----

News for package nginx